WP Security: plugin vulnerabilities August

Conditional Host Header Injection, reported by Paul Dannewitz. It is possible to inject a custom Host header, which is then used to build the link that gets shared on social media platforms when users click the share buttons. Combined with web cache poisoning, every user would share the malicious website.
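
The pattern described above, next to a hardened form, as an added example that is not the affected plugin's code. All function names, `CANONICAL_ORIGIN`, and the `blog.example` / `social.example` / `untrusted.example` hosts are assumptions made for illustration; in WordPress the configured site address is what `home_url()` returns.

```php
<?php
// Constructed example: every name and host below is hypothetical.
const CANONICAL_ORIGIN = 'https://blog.example'; // assumed configured site address

// Before: the share URL trusts the client-supplied Host header.
function share_link_unsafe(array $server): string {
    $target = 'https://' . $server['HTTP_HOST'] . $server['REQUEST_URI'];
    return 'https://social.example/share?u=' . rawurlencode($target);
}

// After: the origin comes from configuration; only the path comes from the request.
function share_link_safe(array $server): string {
    $path = parse_url($server['REQUEST_URI'], PHP_URL_PATH) ?: '/';
    return 'https://social.example/share?u=' . rawurlencode(CANONICAL_ORIGIN . $path);
}

// Defence in depth: reject requests whose Host is not one the site serves,
// so a response built from a foreign Host never lands in a shared cache.
function host_is_allowed(array $server, array $allowed): bool {
    $host = strtolower($server['HTTP_HOST'] ?? '');
    $host = preg_replace('/:\d+$/', '', $host); // drop an optional port
    return in_array($host, $allowed, true);
}

// Constructed request whose Host value is not the site's own name.
$request = ['HTTP_HOST' => 'untrusted.example', 'REQUEST_URI' => '/2018/08/post/?x=1'];

echo share_link_unsafe($request), PHP_EOL; // share target follows the header
echo share_link_safe($request), PHP_EOL;   // share target stays on the configured origin
var_dump(host_is_allowed($request, ['blog.example', 'www.blog.example']));
```

The same allowlist can be enforced at the web server or reverse proxy with a default virtual host that refuses unknown names, which keeps such responses out of the cache regardless of plugin behaviour.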
